In the latest episode of the 'OT Security Made Simple podcast' , Klaus Mochalski, founder and CEO of Rhebo, sits down with Todd Wiedman, Chief Security Officer of Landis+Gyr, to cover a range of topics, shedding light on the evolving challenges and solutions within the realm of AMI security.
Drawing from his 15-year experience in the field, Todd shares his insights from the dynamic landscape of cybersecurity and explains that Landis+Gyr's foray into OT security was prompted by the evolution of smart meters into a broader smart infrastructure. Highlighting the shifting threat landscape in grid and AMI security however, Todd emphasizes the need to extend security measures beyond smart meters to include the entire edge infrastructure.
"We see that there's going to be a lot of edge systems that are going to play a major role in this space going forward and today we do a really good job at protecting and defending the smart meter infrastructure. ."
Listen to the full podcast here:
The acquisition of Rhebo, a company specializing in OT security, was a strategic move to fortify Landis+Gyr's capabilities in safeguarding the entire distribution network.
"In the past, the thought was that the smart meter would be the avenue of attack. And we see that that's switching to more of an attack of the control systems that are managing these edge devices."
Klaus brings up the security threats to grid infrastructure outlined in Marc Ellsberg's bestseller "Blackout," and the plausibility of such attacks. Todd explains that attacking the meter firmware as depicted in the book, while plausible is unlikely to succeed.
"It would be very difficult via that attack vector... we haven't seen a lot of success in attacking a meter specifically."
Citing that because smart metering companies like Landis+Gyr do a lot of work to ensure that firmware, network and meters are protected from an encryption perspective, Todd delves into the complexities of attacking smart meters directly and emphasizes the industry's robust measures to protect against such scenarios. The focus, he suggests, should shift towards safeguarding control systems managing various edge devices.
Pivoting to the future, Klaus and Todd then discuss the broader smart grid infrastructure and the critical role played by control systems. Todd underscores the necessity for heightened visibility at the edge and anticipates regulatory requirements driving cybersecurity measures in the industry while Klaus brings up the complexity of multi-vendor infrastructures amid questions like: Who assumes responsibility for cybersecurity? Todd acknowledges the challenges, citing instances where the lines of responsibility are blurred, especially in scenarios involving batteries and other grid-edge devices.
"Those questions, I think, need to be worked out from a bigger picture in the industry because no matter what's in the smart infrastructure space, it needs to be secured."
The discussion concludes with a focus on collaboration between Rhebo and Landis+Gyr. Todd details how Rhebo's solution complements Landis+Gyr's expertise, creating a comprehensive security framework for the entire distribution edge space.
"Rhebo does a really good job of filling the gap on the substation, the network and OT space. And we're starting to get into the IoT side of things as well...""I think there are very good things that we can build, and we all need to work on making the smart grid and smart infrastructures more secure."